Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory.

Impact

A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected script is called, this could result in the file being overwritten with the rights of the user running the script.